
fix sqlite problem (#193)

* fix sqlite problem

* fix tests
rnehra01 authored and afeena committed Aug 22, 2017
1 parent 3f14731 commit 3dde5e70a05822faf08d6b841c203f9593b68425
Showing with 5 additions and 4 deletions.
  1. +3 −2 tanner/emulators/sqli.py
  2. +2 −2 tanner/tests/test_sqli.py
@@ -30,7 +30,7 @@ def map_query(self, attack_value):
param_value = attack_value['value'].replace('\'', ' ')
tables = []
for table, columns in self.query_map.items():
for column in columns:
for column in columns:
if param == column['name']:
tables.append(dict(table_name=table, column=column))
@@ -45,9 +45,10 @@ def map_query(self, attack_value):
async def get_sqli_result(self, attack_value, attacker_db):
db_query = self.map_query(attack_value)
if db_query is None:
result = 'You have an error in your SQL syntax; check the manual\
error_result = 'You have an error in your SQL syntax; check the manual\
that corresponds to your MySQL server version for the\
right syntax to use near {} at line 1'.format(attack_value['id'])
result = dict(value=error_result, page=True)
else:
execute_result = await self.sqli_emulator.execute_query(db_query, attacker_db)
if isinstance(execute_result, list):
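Review bot: The error text in get_sqli_result is one quoted literal continued with trailing backslashes, so any indentation on the two continuation lines becomes part of the string sent to the client (the rendered page has lost the indentation, so this is inferred from the form of the literal). For an emulator whose output should read like a genuine MySQL error, a run of spaces in the middle of the message gives it away as fake, and the expected string in test_sqli.py is written the same way, so the test would not notice. I would build it from adjacent literals instead, `error_result = ('You have an error in your SQL syntax; check the manual ' 'that corresponds to your MySQL server version for the ' 'right syntax to use near {} at line 1').format(attack_value['id'])`, and update the test string to match. The function continues past the end of the hunk, so whether the else branch returns the same `dict(value=..., page=...)` shape cannot be checked from here; a one-line docstring stating the return shape would help callers.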
@@ -10,7 +10,7 @@ class SqliTest(unittest.TestCase):
def setUp(self):
self.loop = asyncio.new_event_loop()
asyncio.set_event_loop(None)
query_map = {
'users': [{'name':'id', 'type':'INTEGER'}, {'name':'login', 'type':'text'},
{'name':'email', 'type':'text'}, {'name':'username', 'type':'text'},
@@ -57,4 +57,4 @@ def test_get_sqli_result_error(self):
that corresponds to your MySQL server version for the\
right syntax to use near foo at line 1'
result = self.loop.run_until_complete(self.handler.get_sqli_result(attack_value, 'foo.db'))
self.assertEqual(assert_result, result)
self.assertEqual(assert_result, result['value'])
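Review bot: The updated assertion in test_get_sqli_result_error checks only `result['value']`, so the new `page=True` flag that get_sqli_result now returns on the error path is untested and could be dropped or flipped without a failure. Comparing the whole dict would pin both keys: `self.assertEqual(dict(value=assert_result, page=True), result)`. The test method starts above the hunk, so the setup of `attack_value` is not visible here.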
